Microsoft Azure provides Security Defaults to help organizations establish baseline security measures within Azure Active Directory (Azure AD). These include Multi-Factor Authentication (MFA), self-service password reset, enhanced privileged access management, and blocking legacy authentication protocols. Security Defaults offer ease of use, compliance assistance, and cost efficiency, especially for small and medium-sized businesses. However, certain scenarios may require disabling them, such as custom policies, legacy systems, the need for granular control, and development environments. Disabling Security Defaults increases exposure to threats, may make compliance requirements harder to meet, and leaves more room for user mistakes.
Disable Security Defaults only if you have alternative security measures in place. Organizations must ensure they have equivalent or better protection before turning Security Defaults off.
Best practices after disabling Security Defaults include setting up Conditional Access policies, enabling custom MFA policies, monitoring Azure AD logs, educating your users, and using Azure AD Privileged Identity Management (PIM). Advanced alternatives to Security Defaults include Identity Protection, app-based Conditional Access, and a Zero Trust security model.
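The log-monitoring step above can be made concrete with a small audit over exported sign-in records. This is an added example, not Microsoft's or the original page's code: it assumes records shaped like Microsoft Graph `signIn` objects (`clientAppUsed`, `conditionalAccessStatus`, `status.errorCode`), and the sample data, user names and the list of legacy client names are constructed for illustration.

```python
import json
from collections import defaultdict

# Client app names treated as legacy authentication (assumed list; adjust per tenant).
LEGACY_CLIENTS = {
    "Exchange ActiveSync", "IMAP4", "POP3", "Authenticated SMTP",
    "Other clients", "MAPI Over HTTP", "Exchange Web Services",
}

# Constructed sample records shaped like Microsoft Graph signIn objects.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser",
  "conditionalAccessStatus": "success", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4",
  "conditionalAccessStatus": "notApplied", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "POP3",
  "conditionalAccessStatus": "failure", "status": {"errorCode": 53003}},
 {"userPrincipalName": "carol@contoso.example",
  "clientAppUsed": "Mobile Apps and Desktop clients",
  "conditionalAccessStatus": "notApplied", "status": {"errorCode": 0}},
 {"userPrincipalName": "svc-scan@contoso.example", "clientAppUsed": "Authenticated SMTP",
  "conditionalAccessStatus": "notApplied", "status": {"errorCode": 0}}
]""")


def audit_signins(signins):
    """Return {user: sorted findings} for successful sign-ins that no policy covered."""
    findings = defaultdict(set)
    for s in signins:
        # Blocked or failed sign-ins are the controls working, not a coverage gap.
        if s.get("status", {}).get("errorCode") != 0:
            continue
        user = s.get("userPrincipalName", "<unknown>")
        # With Security Defaults off, legacy protocols succeed unless a policy blocks them.
        if s.get("clientAppUsed") in LEGACY_CLIENTS:
            findings[user].add("legacy-auth-succeeded")
        # "notApplied" means no Conditional Access policy evaluated this sign-in.
        if s.get("conditionalAccessStatus") == "notApplied":
            findings[user].add("no-ca-policy-applied")
    return {user: sorted(issues) for user, issues in findings.items()}


if __name__ == "__main__":
    for user, issues in sorted(audit_signins(SAMPLE_SIGNINS).items()):
        print(f"{user}: {', '.join(issues)}")
```

Accounts reported with both findings are the ones the replacement Conditional Access policies need to cover first.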